Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
The vulnerability occurs in the sub_49E098 function, which improperly handles the shareSpeed parameter — it does not verify the length of supplied input data before copying it to the stack (CWE-120, CWE-787). An attacker can send a specially crafted network request with an excessively long shareSpeed parameter value, causing a buffer overflow on the stack. As a result, it is possible to overwrite the function's return address and hijack control of the program's execution flow.
An unauthenticated remote attacker can gain full control over the device, which in practice means the ability to execute arbitrary code (RCE) with the privileges of the process handling the request, thereby compromising the router, modifying network configuration, or using the device as an entry point to the internal network.
Security patches available from the manufacturer should be applied in accordance with the references. Until an update is applied, it is recommended to restrict access to the router's management interface only to trusted hosts, block access from the WAN network, and monitor network traffic directed to the device.
Tenda AC8V4 with firmware version V16.03.34.06
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac8
HWTenda4.0Tenda Ac8 Firmware
OSTenda16.03.34.06
Related vulnerabilities
Buffer Overflow w Tenda AC8 — funkcja fromSetRouteStatic
Tenda AC8V4 — stack overflow w parametrze shareSpeed (RCE)
Buffer overflow w Tenda AC8V4 — stack overflow w funkcji get_parentControl_list_Info
Tenda AC8V4 — stack-based buffer overflow w funkcji WifiExtraSet
Tenda AC8v4 — stack overflow w funkcji setSchedWifi (schedEndTime)